银狐木马 9X[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

银狐木马 9X.rar
Size

342KB
MD5

23c1ec537f0fff9c24daf2b17760c2b2
SHA1

87afbb5763544988986778585a6d96e44d58bec4
SHA256

9eb10e4fac2a9543019f8f07ed36bd1bcd7fc3d7d65a438502ff5e1330a6e033
SHA512

a11c781d86bdbcafc1fb4ce3b8d689e6aff57ddbbec72253e0c23986f4a69e608cda093f86aa7db19ed3cc327bf263b5bbde3d9f267b218a7a3b8d65e50ac7d4
SSDEEP

6144:fRQGTgibhLsd+WE89zxKsLA/6q+k/RCbeyVG5/s5x/gHxFZlvVxFkZJC89C:J9TlhL1W39zxKs8iq+0R7HLjVnkZ3C

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/银狐木马 9X/银狐木马 9X/6008.exe.vir
unpack001/银狐木马 9X/银狐木马 9X/60081.exe.vir
unpack001/银狐木马 9X/银狐木马 9X/60082.exe.vir
unpack001/银狐木马 9X/银狐木马 9X/setup-5194-26911.exe.vir
unpack001/银狐木马 9X/银狐木马 9X/setup6001.exe.vir

Files

银狐木马 9X.rar
.rar
银狐木马 9X/银狐木马 9X/6008.exe.vir
.exe windows:5 windows x64 arch:x64

9f92af854fbf58e08835c20ce69e1f44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
ReadFile
GetFileAttributesW
CloseHandle
VirtualAlloc
GetFileSize
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
HeapAlloc
GetLastError
HeapFree
DecodePointer
EncodePointer
RtlUnwindEx
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW

crypt32

CertEnumSystemStore

urlmon

URLDownloadToFileW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
银狐木马 9X/银狐木马 9X/60081.exe.vir
.exe windows:5 windows x64 arch:x64

bed21645648953c58a7877b376ea5d19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesW
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
HeapAlloc
GetLastError
HeapFree
DecodePointer
EncodePointer
RtlUnwindEx
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW

urlmon

URLOpenBlockingStreamW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
银狐木马 9X/银狐木马 9X/60082.exe.vir
.exe windows:5 windows x64 arch:x64

ad516e87cefea2ff7430b23a5a3278bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetFileAttributesW
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
HeapAlloc
GetLastError
HeapFree
DecodePointer
EncodePointer
RtlUnwindEx
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW

urlmon

URLOpenBlockingStreamW

crypt32

CertEnumSystemStore

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
银狐木马 9X/银狐木马 9X/setup-5194-26911.exe.vir
.exe windows:4 windows x64 arch:x64

ea955d8cbfc6c7758fbcdea503206f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExA

kernel32

GetModuleHandleA
GetVersionExA
SetStdHandle
GetStdHandle
LoadLibraryW
FreeLibrary
GetLastError
SetEvent
WaitForSingleObject
CreateEventA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
MulDiv
GlobalFree
GlobalAlloc
Sleep
GlobalUnlock
GlobalLock
GlobalMemoryStatus
GetFileAttributesA
SetPriorityClass
GetCurrentProcess
VirtualAlloc
VirtualFree
SetEndOfFile
GetProcAddress
HeapReAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
RtlLookupFunctionEntry
RtlVirtualUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
AllocConsole
OutputDebugStringA
WriteFile
FlushFileBuffers
GetLocalTime
MoveFileA
SetFilePointer
CreateFileA
GetFileSize
ReadFile
CloseHandle
SizeofResource
LoadLibraryA
SetEnvironmentVariableA
FindResourceA
LoadResource
LockResource
ExpandEnvironmentStringsA
lstrlenA
GetCommandLineA
CreateThread
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrcatA
lstrcpyA
GetFullPathNameA
FindFirstFileA
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
DeleteCriticalSection
GetFileType
SetHandleCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapSetInformation
HeapCreate
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection

user32

SetForegroundWindow
DefWindowProcA
MessageBoxA
PeekMessageA
DestroyWindow
GetSystemMetrics
ShowWindow
UpdateWindow
InvalidateRect
GetDC
CopyImage
BeginPaint
EndPaint
EnumWindows
DdeUninitialize
GetWindowInfo
GetWindowThreadProcessId
DdeConnect
DdeClientTransaction
CreateWindowExA
TranslateMessage
DispatchMessageA
GetMessageA
DdeInitializeA
DdeCreateStringHandleA
DdeNameService
DdeGetData
LoadCursorA
RegisterClassExA
DdeFreeStringHandle

gdi32

GetObjectA
GetDeviceCaps
CreateFontA
DeleteObject
SelectObject
BitBlt
DeleteDC
SetBkMode
SetBkColor
SetTextColor
TextOutA
GetStockObject
CreateCompatibleDC

advapi32

RegCloseKey
RegEnumKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

Exports

Exports

DDE_Ready
INI_GetDictionary
INI_GetProperty
Log_LogIt
SplashScreen_Close
SplashScreen_GetWindowHandle
SplashScreen_SetText
SplashScreen_SetTextBgColor
SplashScreen_SetTextColor
SplashScreen_SetTextFont

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
银狐木马 9X/银狐木马 9X/setup6001.exe.vir
.exe windows:5 windows x64 arch:x64

9f92af854fbf58e08835c20ce69e1f44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
ReadFile
GetFileAttributesW
CloseHandle
VirtualAlloc
GetFileSize
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
HeapAlloc
GetLastError
HeapFree
DecodePointer
EncodePointer
RtlUnwindEx
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW

crypt32

CertEnumSystemStore

urlmon

URLDownloadToFileW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f92af854fbf58e08835c20ce69e1f44

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

crypt32

urlmon

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

bed21645648953c58a7877b376ea5d19

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

urlmon

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 233KB - Virtual size: 233KB

ad516e87cefea2ff7430b23a5a3278bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

urlmon

crypt32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 105KB - Virtual size: 105KB

ea955d8cbfc6c7758fbcdea503206f6b

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 72KB - Virtual size: 89KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 170KB - Virtual size: 169KB

9f92af854fbf58e08835c20ce69e1f44

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

crypt32

urlmon

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 233KB - Virtual size: 233KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 105KB - Virtual size: 105KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 72KB - Virtual size: 89KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 170KB - Virtual size: 169KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 26KB